Lydia E. Payne-Johnson Peter A. Rabinowitz PricewaterhouseCoopers, LLP Harvard University August 20, 2008 New Identity Theft Red Flags Rule: What is New.

Presentation transcript:

Lydia E. Payne-Johnson Peter A. Rabinowitz PricewaterhouseCoopers, LLP Harvard University August 20, 2008 New Identity Theft Red Flags Rule: What is New and How Leading Companies are Integrating Into Existing Processes The Privacy Symposium

Agenda
– Introduction: The New Identity Theft Red Flags Rule
– Who Will Need to Comply
– Compliance Benefits/Non-Compliance Risks
– Key Terms
– Building a Red Flags Rule Program
– Getting Started
– Our Point of View: Steps Towards Compliance
– Key Takeaways
– Questions?

Introduction: The New Identity Theft Red Flags Rule
Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003

Introduction: The New Identity Theft Red Flags Rule
Issued by the FTC and banking industry regulators to help detect, prevent and mitigate identity theft by protecting corresponding customer, institution and creditor risks
Covered companies are required to:
– Conduct a targeted risk assessment based on specified criteria;
– Identify “covered accounts” and activities that potentially may be at risk for identity theft;
– Develop and implement a written Identity Theft Prevention Program;
– Implement ongoing processes for monitoring covered accounts; and
– Ensure “safety and soundness” of the organization from ID theft
November 1, 2008 compliance date

Who Will Need to Comply
“Creditors,” whether financial or non-financial, which include:
– Banks
– Credit/Debit Card Issuers
– Mortgage Lenders
– Utility Companies
– Telecommunications Companies

Key Benefits of Compliance
– Strengthens overall due diligence efforts
– Instills customer loyalty; confidence; and trust
– Boosts employee morale
– Helps to “connect-the-dots” in your ongoing fraud detection and privacy compliance efforts
– Helps keep your organization off consumer-focused regulators’ radar

Potential Risks of Non-compliance
– Reputation/brand damage
– Loss of revenue
– Loss of employee morale (employees may be customers/users, too)
– Civil liability arising out of identity-theft related damages to customers
– Significant regulatory fines and/or sanctions.

Key Terms – “Creditor”
“Creditor” is based on the definition under 15 U.S.C. §1691a as being any person who:
– Regularly extends, renews, or continues credit;
– Regularly arranges for the extension, renewal or continuation of credit; or
– Any assignee of an original creditor who participates in the decision to extend, renew, or continue credit.

Key Terms – “Covered Accounts” & “Transaction Processes”
“Covered accounts”
– Consumer-related transactional accounts offered by banks, credit and debit card issuers, and other creditors (such as mortgage lenders, telecommunications companies and utilities)
– Accounts that potentially have a "reasonably foreseeable risk of identity theft" such as:
  > deposit accounts and extensions of credit, (i.e. purchase of property or services involving a deferred payment);
  > accounts used primarily for personal, family or household purposes; and
  > other accounts. i.e., small business and sole proprietorships
“Transaction processes” associated with account opening, accessing and closing, and/or other related experiences with identity theft.

Key Terms – “Identifying Information”
“Identifying Information” is any name/number used alone or with any other information to identify a specific person, including:
  > Name, DOB, SSN, Driver’s License/State ID, Alien Registration #, Passport, Employee or Tax ID#;
  > Unique biometric data (fingerprint, voice print, retina, iris image);
  > Unique electronic ID #, address, routing code; or
  > Telecommunication identifying information or access device.

Additional Requirements – Monitoring Address Changes
Companies must also monitor customers’ address changes and/or discrepancies associated with the change:
– Verifying the validity of change of address requests;
– Authenticating your customer’s identity; and
– Ensuring accuracy of consumers’ addresses when providing to a credit reporting agency (CRA) during the period of continuous customer relationship.

Building a Red Flags Rule Program
Four primary components that require implementing processes to:
– Identify Relevant Red Flags for Covered Accounts
– Detect Red Flags
– Prevent and Mitigate Identity Theft
– Periodically Update the Program

Building a Red Flags Rule Program
1. Identify Relevant Red Flags for Covered Accounts
Requires conducting an assessment to determine applicable risk factors, sources and categories of red flags to identify:
– Covered accounts;
– Associated account opening processes;
– Account access mechanisms (i.e., in person, call center, website); and
– Historical incidents/patterns of ID theft.

Building a Red Flags Rule Program
2. Identify Relevant Red Flags for Covered Accounts
5 Red Flag Segments define 26 Key Indicators
  > Alerts, notifications or other warnings from CRAs, Service Providers, Fraud detection services;
    » i.e. fraud/active duty alert; credit freeze notice, inconsistencies in account activity
  > Presentation of suspicious documents (altered/forged);
  > Presentation of suspicious identifying information (inconsistent with your records);
  > Unusual/suspicious activity related to a covered account following change of address request (uptick in activity and users); and
  > Notice regarding possible ID theft related to covered accounts from customer, law enforcement, ID theft victim or any other person.

Building a Red Flags Rule Program
2. Detect Red Flags
Requires monitoring of new and existing covered accounts by:
  > Strengthening how the identity of customers is verified;
  > Authenticating customers;
  > Monitoring transactions; and
  > Verifying the validity of address changes, especially for existing covered accounts.

Building a Red Flags Rule Program
3. Prevent and Mitigate Potential Identity Theft
Implementing appropriate responses to heightened risks of identity theft:
  > Account monitoring;
  > Contacting the customer;
  > Changing any password, security codes or other security devices that permit access to a covered account;
  > Assigning a new account number to a covered account;
  > Not opening a new covered account;
  > Ceasing attempts to collect on a covered account or selling to a debt collector;
  > Notifying law enforcement; or
  > No action due to the particular circumstances.

Building a Red Flags Rule Program
4. Updating Your Red Flags Rule Program
Making relevant periodic changes to mitigate risks to customers or to the “safety and soundness” of the organization based on:
  > Experiences with identity theft;
  > Changes in identity theft methods;
  > Changes in identity theft prevention methods;
  > Changes in the types of accounts offered and/or information collected; and
  > Organizational changes due to mergers, acquisitions, alliances, joint ventures and service provider arrangements.

Getting Started: Leverage Existing Processes
Existing risk assessment and compliance programs that may be leveraged may include:
– Fraud Prevention
– Information Security
– Privacy
– Enterprise Risk Management
Proactive approach to compliance

Our Point of View: Steps Towards Compliance
Five key phases:
– Conduct a high level review of key existing risk assessment and compliance programs
– Identify covered accounts, select a high risk / high priority account class for a pilot Red Flags Rule risk assessment, and execute a pilot/test program
– Based on the pilot's results, build a prototype Red Flags Rule risk assessment process that leverages and integrates existing processes
– Roll-out the Red Flags assessment to other covered accounts on a risk-rated basis
– Develop and implement an overarching, sustainable Red Flags Rule Identity Theft Prevention Program and governance process.

Key Takeaways: The Identity Theft Red Flags Rule
– Applies to any covered institution or creditor that collects and uses consumers' confidential personal information, interacts with a credit reporting bureau, and/or maintains transactional accounts for individuals and businesses
– Includes both retail and business accounts
– May involve significant operational and systems adjustments
– Requires conducting an initial risk assessment
– Requires identification and implementation of appropriate identity theft red flags
– Requires implementing and sustaining an Identity Theft Prevention Program including on-going monitoring of and adjustments to red flags and program
– Mandatory compliance by November 1, 2008

Questions?

Presenters
Lydia E. Payne-Johnson, Privacy, Governance, Risk and Compliance Advisory Services T:
Peter A. Rabinowitz, Privacy, Governance, Risk and Compliance Advisory Services T:

© 2008 PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP (a Delaware limited liability partnership) or, as the context requires, other member firms of PricewaterhouseCoopers International Ltd., each of which is a separate and independent legal entity. *connectedthinking is a trademark of PricewaterhouseCoopers LLP. The information contained in this document is provided 'as is', for general guidance on matters of interest only. PricewaterhouseCoopers is not herein engaged in rendering legal, accounting, tax, or other professional advice and services. Before making any decision or taking any action, you should consult a competent professional adviser. Although we believe that the information contained in this document has been obtained from reliable sources, PricewaterhouseCoopers is not responsible for any errors or omissions contained herein or for the results obtained from the use of this information.